mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed
* [ptxdist] [PATCH] expat: Version bump. 2.6.2 -> 2.6.3
@ 2024-09-05 17:05 Christian Melki
  2024-09-12 12:12 ` [ptxdist] [APPLIED] " Michael Olbrich
  0 siblings, 1 reply; 2+ messages in thread
From: Christian Melki @ 2024-09-05 17:05 UTC (permalink / raw)
  To: ptxdist

Mainly security fixes.
https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes

Plugs CVEs:
CVE-2024-45490 - An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE-2024-45491 - Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms.
CVE-2024-45492 - Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms.

Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
 rules/expat.make | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/expat.make b/rules/expat.make
index 03f9ac6b4..31afb8604 100644
--- a/rules/expat.make
+++ b/rules/expat.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat
 #
 # Paths and names
 #
-EXPAT_VERSION		:= 2.6.2
-EXPAT_MD5		:= b246f58b25a7629fca6cbd1429400cdf
+EXPAT_VERSION		:= 2.6.3
+EXPAT_MD5		:= c70040a3f2743d9645cb029d3c9a7c89
 EXPAT			:= expat-$(EXPAT_VERSION)
 EXPAT_SUFFIX		:= tar.bz2
 EXPAT_RELEASE		:= R_$(subst .,_,$(EXPAT_VERSION))
-- 
2.34.1




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2024-09-12 12:22 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-09-05 17:05 [ptxdist] [PATCH] expat: Version bump. 2.6.2 -> 2.6.3 Christian Melki
2024-09-12 12:12 ` [ptxdist] [APPLIED] " Michael Olbrich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox